All docs
IntegrationsUpdated

Webhooks

How to enable an outbound webhook on a form, what the JSON payload contains, how to verify requests with the signature header, and what you can build with it.

Key points
  • Each form can send an outbound webhook: on every submission Formiqa POSTs a JSON body to your URL.
  • Delivery is non-blocking with a roughly 5-second timeout, so it never slows the respondent down.
  • Set an optional secret and Formiqa signs the request with HMAC-SHA256 in the X-Webhook-Secret header.
  • Point it at your own backend, or at third-party tools like Zapier or Make that accept an incoming webhook.

A webhook is Formiqa's way of pushing data out the moment it arrives. Instead of you polling for new responses, each form can call a URL you own every time it is submitted — sending the submission as JSON so your own systems can react in real time.

Enable a webhook

  1. 1Open the form in the builder and go to the Integrations panel.
  2. 2Turn webhooks on for the form.
  3. 3Paste the webhook URL — the endpoint on your side that will receive the POST.
  4. 4Optionally add a secret, which Formiqa uses to sign each request so you can verify it.
  5. 5Save. From now on, every submission triggers a delivery to your URL.

The payload

On each submission Formiqa sends an HTTP POST with a JSON body. The payload contains:

  • event — the event type, always "form.submission" for a new response.
  • formId — the identifier of the form that was submitted.
  • formTitle — the form's human-readable title.
  • submissionId — the identifier of this specific submission.
  • data — an object holding the answers, keyed by field.
  • submittedAt — the timestamp of the submission.

Verifying requests

If you set a secret, Formiqa includes an HMAC-SHA256 signature of the request in the X-Webhook-Secret header. On your side, recompute the HMAC-SHA256 of the received body using the same secret and compare it against the header value. If they match, the request genuinely came from Formiqa and was not tampered with; if they differ, reject it.

What you can build

The webhook is deliberately generic, so it fits almost any workflow:

  • Send to your own backend — write the submission to your database, kick off an internal process, or post a message into your own tooling.
  • Connect to automation tools — point the webhook at a third-party service that accepts an incoming webhook, such as Zapier or Make, and build your automation there. These are external tools that accept a webhook, not native Formiqa integrations.

Frequently asked questions

How do I verify a webhook came from Formiqa?
Set a secret when you configure the webhook. Formiqa then signs each request with HMAC-SHA256 and puts the signature in the X-Webhook-Secret header. Recompute the HMAC of the received body with your secret and compare — if they match, the request is genuine.
What happens if my endpoint is slow or down?
Delivery is non-blocking with a roughly 5-second timeout, so a slow or unavailable endpoint never delays the respondent. Design your endpoint to acknowledge fast and do heavier processing asynchronously.
Can I connect Formiqa to Zapier or Make?
Yes, indirectly. Create an incoming-webhook trigger in Zapier or Make and paste that URL as your Formiqa webhook URL. These are third-party tools that accept a webhook — not native, built-in Formiqa integrations.
What HTTP method and body does the webhook use?
Every delivery is an HTTP POST with a JSON body containing event, formId, formTitle, submissionId, data (the answers) and submittedAt.

Build a better form with Formiqa.

Free forever. No credit card. No per-response fees.